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(57) Abstract: A method of elliptic curve encryp- 
tion comprising the step of, (a) selecting an elliptic 
curve Ep (a,b) of the form y^x 3 + ax -f b mod (p) 
wherein a and b are non-negative integers less than p 
satisfying the formula 4 a 3 + 27b 2 mod (p) not equal 
to 0; (b) generating a large 160 bit random number 
by a method of concatenation of a number of smaller 
random numbers; (c) generating a well hidden point 
G(x,y) on the elliptic curve Ep (a,b) by scalar multi- 
plication of a point B (x,y) on the elliptic curve with 
a large random integer which further comprises the 
steps; (i) converting the large random Integer Into a 
series of powers of 2 31 ; (ii) converting each coeffi- 
cient of 2 31 obtained from above step into a binary 
series; (iii) multiplication of binary series obtained 
from steps(i) & (ii) above with the point B (x,y) on 
the elliptic curve ; (d) generating a private key n A (of 
about>=160 bit length); (e) generating of public key 
PA(x,y) given by the formula P A (x,y) = (n A -G (x,y)) 
mod (p); (f) encrypting the input message MSG; (g) 
decrypting the ciphered text. 
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FIELD OF INVENTION 

This invention relates to a method of elliptic curve encryption. 
PRIOR ART 

Data security, authentication and verification are desirable features in 
5 the Internet based data communications, wireless communication, E- 
Commerce and smart card related applications etc. Basically, data 
encryption systems can be divided into two categories: symmetric 
encryption systems and asymmetric encryption systems. In a 
symmetric encryption system, the same key Is used to encrypt the data 
10 at sender's end and to decrypt the ciphered text at the receiver's end. 
However, in such systems, the encryption key is required to be 
exchanged beforehand over a secure communication channel. 

Asymmetric encryption systems utilize two separate keys for 
encryption of the data and decryption of the ciphered text. The key to 

1 5 encrypt the data Is made public while the corresponding decryption key 
Is kept private and not shared with other. The private key can not be 
generated from the public key and, as such, only the intended recipient 
with the private key can decrypt the ciphered text. Asymmetric 
encryption systems do not need the prior exchange of keys and hence 

20 are preferred over symmetric encryption systems. The most well 
known asymmetric encryption system is RSA encryption system. The 
RSA encryption system Is based on Integer factorization problem. 
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In RSA algorithm, two primes p and q, usually very large, are required 
to generate a modulus n, with the equation n = p.q. In RSA algorithm 
the public key d and private key e are related with the equation 

e.d = 1(mod 8) (sign stands for multiplication) 

5 Where, 8* (p-1) (q-1) 

The Input message M is encrypted with the equation 

M c - (M) d mod (n) 

Where M c is cipher of the input message M, d is the public key and n is 
the modulus. M c can be reconstructed to the input message M with the 

1 o equation 

M = (M c ) 9 mod (n) 

In RSA algorithm, the private and public keys are chosen sufficiently 
big to achieve an adequate level of security. The security of the system 
Is based on the principle of difficulty in factoring a large number that 
has no relatively small factors. Accordingly, p and q must be relatively 
large prime numbers. As the advances already made in crypt analysis 
system and computation speed are threats to the encryption systems 
utilizing moderate sized keys, bigger and bigger sized keys are being 
used for encryption systems. Ultimately, the size of the key (n) is 
required to be around 1024 bits to achieve an adequate level of 
security. Due to the need of bigger key sfee and nature of operation, 
RSA algorithm demands more memory, bandwidth for communication 
and computation time. 

However, the RSA technique, already known In the art, suffers from 

2 5 the following disadvantages . 



15 



20 
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Main disadvantage of the RSA encryption system, known In the art, Is 
that it requires significant band width and storage capacity. 

Another disadvantage of the RSA encryption technique, known in the 
art, Is that tt requires more time for computation and communication 

5 Yet another disadvantage of the RSA encryption system, known in the 
art, is that it is vulnerable particularly in view of the recent advances in 
the analytical techniques. 

An alternate encryption system, Digital Signature Algorithm (DSA) Is 
based on discrete logarithm problem on finite group. This encryption 
l o system Is widely used for digital signature for authentication. 

If G is a finite group and a and b are elements of G, then the equation 
a* ■ b represents a discrete logarithm problem. If a and x are known, 
finding b Is straight forward. Here the value x Is called logarithm of b to 
the base a, i.e. x - log a b. Finding the value of x Is more difficult, if a 
1 5 and b are sufficiently large. 

A variation of discrete logarithm problem is the elliptic curve discrete 
logarithm problem. In this case, the discrete logarithm is based on an 
elliptic curve E p (a,b), defined on a finite field. It Is well known that 
solving a problem based on elliptic curve discrete logarithm Is more 

20 difficult than a problem based on discrete logarithm based on finite 
group. In the elliptic curve cryptography method, each person can 
define his own elliptic curve for encryption and decryption, thus 
providing increased security. An elliptic curve can be easily redefined 
and new public and private keys can be generated to return to a 

25 secure system. The elliptic curve method reduces the bandwidth 
requirement of the public key system because the parameters can be 
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stored with fewer keys. This Is an Important feature, which helps In 
restricting the key size In elliptic curve cryptography. The elliptic curve 
method of encryption is well known in the art. However, the elliptic 
curve methods, known in the art, suffer from following disadvantages. 

5 Main disadvantage of the elliptic curve method of encryption, known In 
the art, is that the scalar multiplication involved In the encryption 
process takes large computer time thereby rendering the entire 
encryption slower and unsuitable for applications where time factor Is 
very critical. 

j o Another disadvantage of the elliptic curve method, known In the art, Is 
that the encryption process utilises only one coordinate of a point on 
the elliptic curve for encoding the message thereby reducing the 
throughput of the encryption system. 

flftlECIS 9F THE INVENTION 

p. 5 Primary object of the invention is to provide a method of elliptic curve 
encryption, which Is based on discrete logarithm problem on elliptic 
curve. 

Another object of the Invention Is to provide a method of elliptic curve 
encryption, which has a higher throughput as long streams of 

20 messages can be encrypted with same set of paints. 

Yet another object of the Invention is to provide a method of elliptic 
curve encryption, which uses an efficient method of multiplication of a 
point on the elliptic curve E p (a, b) by a large integer thereby reducing 
the encryption time. 
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Still another object of the Invention Is to provide a method of elliptic 
curve encryption, which has higher security level as it selects different 
random points lying on the curve for different points of the message. 

Yet further object of the Invention is to provide a method of elliptic 
5 curve encryption, which utilises both x and y coordinates of points on 
the curve corresponding to a point in the plane generated from 
message thereby enhancing the throughput. 

Still another object of the invention is to provide a method of elliptic 
curve encryption, which provides a separate method of generating 
10 random numbers thereby facilitating the realization of higher level of 
security. 

Yet further object of the Invention Is to provide an Improved elliptic 
curve encryption system, which provides an efficient binary series, 
representation of big integer thereby optimising the scalar 
1 5 multiplication time by reducing number of operations. 

SUMMARY OF THE INVENTION 

According to the present invention, there is provided a method of 
elliptic curve encryption based on elliptic curve method. The Inherent 
security provided by the elliptic curve is derived from the characteristic 

20 that the addition of two points on the curve can be defined as another 
point on the curve, if a starting point is selected on the curve and Is 
multiplied by an Integer, the new point also lies on the elliptic curve. 
The present elliptic curve encryption method has lower bandwidth 
requirement and has reduced encryption time. The encryption method 

25 has enhanced security as it selects different random points lying on 
the curve corresponding to different points of the input message. The 
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method provides an efficient method for selection of random points on 
the elliptic curve. The encryption method of the present Invention 
utilizes x and y coordinates, both, corresponding to the message 
thereby increasing the throughput of the system. The present 
5 Invention also provides an efficient method to convert a big Integer Into 
a series of powers of 2, which reduces division and multiplication 
operations. It also provides an efficient method of scalar multiplication 
of a point on the elliptic curve by a large Integer thereby reducing the 
encryption time. 

io description of the drawings 

Fig. 1 Is a list of steps Involved In the generation of large random 
integer 

Fig. 2 is a list of steps to convert a large integer into a series of 
numbers which are multiples of (2 31 ) n , where each number Is 
15 less than 2 31 . 

Fig. 3 is a list of steps to convert each of the coefficient of the series 

of numbers, which are multiples of (2 31 ) n , Into a binary series. 
Fig. 4 Is a list of steps Involved In multiplication of a binary series 
with a point on the elliptic curve. 
2 o Fig. S Is a list of steps Involved In the generation of encryption keys 
Fig. 6 Is a list of steps Involved In the encryption of Input message 
Fig. 7 is a list of steps involved in the decryption of the encrypted 
message 

DESCRIPTION OF THE INVENTION 

25 Any encryption system based on elliptic curve cryptography derives its 
strength from elliptic curve discrete logarithm problem. An elliptic curve 
E P (a,b) over a finite field has, in general, the following form 
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Y 2 = x 3 + ax + b mod (p) 

Where, p is a large prime number and a, b are non-negative integers 
less than p that satisfy the following equation. 

4 a 3 + 27b 2 mod(p) not equal to 0 

5 in this algorithm, we have taken p as a 160-bit length (approximately 
49 decimal digits) prime number. In this equation, selection of a. b & p 
decides the elliptic curve. 

The purpose of secrecy Is served, if a well hidden point G(x,y) on the 
elliptic curve Is selected. This condition can be satisfied if coordinates x 

10 and y are large enough to be unpredictable. Finding such a well-hidden 
point on the elliptic curve Is a challenging task. To solve this problem, 
the present method of encryption utilises the well-known property of 
the elliptic curve, that a scalar multiplication of a point on the elliptic 
curve gives another point on the elliptic curve. In the present method of 

2 5 encryption, initially a point on the curve Is selected by scanning a 
limited range of x and then this value is multiplied by a large random 
integer to realize the required wen hidden point on the elliptic curve. 

In the present method of encryption, a large (16D bit) random Integer ri 
is used to choose a point G(x,y) on the elliptic curve E P (a,b), where k 

20 and y coordinate values are also large. The random number ri Is 
generated by a method of concatenation of a number of smaller 
random numbers. Once the point G(x,y) is known, the private key rw 
(approx 160 bits length) can be selected manually or by any predefined 
method. For the purpose of automation, a random Integer n* has been 

25 considered as a private key. Then public key P A (x.y) is given by the 
formula 
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Pa (x,y)=n A -G(x,y) mod(p) 

Where stands for multiplication of point G (x,y) on an elliptic curve with 
a random integer ha. Here Pa(x,v) is also a point on the elliptic curve 
Ep(a.b). Here both co-ordinates x and y are large and as such It Is very 
difficult to predict or calculate iia, even if the equation of the curve and 
public key information are made available. The improved elliptic curve 
encryption system, of the present Invention, can be described In 
following steps with the help of corresponding figures. 

(0 Generating an elliptic curve 

An equation of elliptic curve E p (a,b) Is generated by selecting two 
integers a & b which satisfy the following equation. 

Y 2 =x 3 +ax+b mod (p) 

Where, 4 a 3 +27b 2 mod (p) not equal to 0 

The elliptic curve equation is generated, while generating encryption 
keys, as described In step (IV) 

(|Q BmaflDH a farm random Integer 

It Is extremely Important to generate a random point G(x.y) on the 
elliptic curve which has a very large value for Its coordinates (of the 
order of 160 bit) to ensure secure encryption. In order to realize this, it 
Is essential to generate large random Integers. Selecting number of 
small random Integers (less than 10 digits) and concatenating these 
random integers generates the large random integer. Large random 
numbers are also used elsewhere In the algorithm for the purpose of 
key generation and masking. 
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Referring to Fig. 1, the generation of a large random Integer (say M) 
comprises of following steps: 



(0 setting 1=0 

(If) setting M to null 

(III) determining whether I < 6 

(tv) going to next If true 

(v) returning M as result If false 

(vi) generating a random number Rl within (0,1) by using library 
function 

(vll) multiplying Rl with 10 9 to obtain BINT- an integer of size 9 digits 

(vtll) concatenating BINT to M 

Ox) setting I = 1+1 

(x) returning to step(iii) 

The above procedure generate a big random Integer M with the size of 
approximately 160 bits (49 decimal digits approximately 160 bits). 

(Ill) Generating a well hidden point on the elliptic curve bv 
Scalar Multiplication of a large random Integer with a point 
on elliptic curve 

Scalar multiplication of a point B (x,y) on the elliptic curve with a large 
random Integer (say r0 generates a well hidden point 6 (x,y) on the 
elliptic curve due to a well known property of the elliptic curve. A 
random point B (x,y) on the elliptic curve E p ( a,b) is arbitrarily obtained 
by scanning a limited range of values [1,900] for x on the elliptic curve. 



in the present invention, a new algorithm for performing scalar 
multiplication has been proposed. The process of scalar multiplication 
of the present invention optimises the computational time for 
performing the scalar multiplication. The scalar multiplication process 
is required for generation of well hidden point on the elliptic curve as 
well for generation of encryption keys, generation of ciphered text and 
deciphering of ciphered text. Scalar multiplication of a point on the 
elliptic curve with any large integer can be performed by repeated 
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addition of the point on the elliptic curve. This optimised multiplication 
procedure requires binary series for addition of points which, In turn, 
demands representation of a large integer in powers of 2. This is 
achieved in following three steps. 

5 (a) Conversion of the large random Integer into a binary series 

The random integer (M) is converted into a binary series of 
following type 

M=m 0 (2 31 ) 0 + mi (2 31 ) 1 + m„(2 31 ) n 

Where each m„ i<^) = c 0 2° + ci2 1 +....+ C302 30 

1 0 And co,ci cao are zero or one 

Now, the scalar multiplication of 2 with B(x,y) can also be 
considered as addition of B(x,y) and B(x,y). 

2. B(x,y)=B(x,y) + B(x,y) 
and similary, 
1 5 2 2 . B(x,y)-2 1 .B(x,y) + 2 1 .B(x,y)} and so on 
2 n . B(x,y)= 2 {ft - 1) .B(x,y) + 2 ^ 1) .B(x,y)} and so on 

(b) Addition of two points on the elliptic curve 

This addition is achieved by using the following formula 
B 3 (x,y) = B1 (x.y) + B 2 (x,y) where 
20 X coordinate of Ba(x,y) = s 2 - Bi(x) -B2(x) mod (p) 

And 

Y coordinate of B 3 (x,y> ■ s(Bi(x) -Bs(x) - Bi(y) mod (p) 
Where, s - B,(y))/(B 2 <x)-Bi(x)) 

{if B1 (x,y) = B 2 (x,y) 
25 s = (3Bi 2 (x) +a)/2Bi(y)} 

Referring to Fig. 2, Flg.3 & Flg.4, the scalar multiplication of a random 
integer with a point on the elliptic curve comprises of following steps; 
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(a) Converting big integer into a series of powers of 2 31 

In the first step, the big Integer M Is divided with a value of 2 31 to 
obtain a series of values mo,mi, m2...m R whore the value of m n lies 
in [0,2 31 ) so that 

5 M * m 0 (2 31 ) 0 + mi (2 31 ) 1 + m„ (2 31 ) n 



Referring to Fig. 2 & Fig.3 this comprises of following steps 





/it 


A* A A^illkA IaIa* lime ■ — 1 ■■ K M 

accepting a Dig integer m 




(U) 


setting T31 equal to 2 




(Hi) 


setting LIM =see of M (in bits) and initialize array AO with see 


10 




1 IRA 

LIM 




Civ) 


setting INC RE equal to zero 




A A 

TO 


AAillHM ftl AAImNa ft ft MAllltlliA A 

setting N equal to M modulus T31 




(vi) 


setting M = INT (M/T31) 




(vii) 


determining whether N is equal to 0 


15 


(vifi) 


going to next if true 




(ix) 


going to step (xxiv) if false 




(x) 


determining whether M Is equal to 0 




(XI) 


going to next if true 




(xlO 


going to step (xxvJ) if false 


20 


(xiiD 


setting 1 & J equal to 0 




(xiv) 


determining whether 1 & LIM 




(xv) 


going to next if false 




(xvl) 


going to step (xxviii) if true 




(xviO 


determining whether A (1) is equal to 1 


25 


(xviii) 


going to next if true 


(xix) 


returning to step (xxiQ if false 




(xx) 


setting B (J) equal to I 




(xxD 


setting J = J+1 




(xxit) 


setting 1 = 1+1 


30 


(xxiii) 


returning to step (xiv) 




(xxiv) 


calling function BSERIES (N, INCRE), which updates array AO 




(XXV) 


returning to step (x) 




(xxvh 


setting INCRE - INCRE + 31 




(xxvii) returning to step (v) 



35 (xxviii) returning array B 0 as result 



(b) Converting each coefficient m„ of the 2 31 series obtained from 
above step further into a binary series 
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25 



In this step, coefficients of the Individual numbers In the 2 31 series, 
obtained from above step, are converted into a series of powers of 2. A 
function BSERIES is used to convert each coefficient (mn) into a series 
of powers of 2. 

5 Referring to Fig. 2 and Fig.3, this comprises of following steps: 
(i) accepting N and INCRE from step (a) 

(IQ assigning BARRAY as an array of values which are powers of 2 

a2° 2 30 D 

(iij) setting SIZE = size of N (in digits) 

1 o (iv) computing POINTER = 3 (SIZE) +INT (SIZE/3)-4 

(v) determining whether POINTER <2 

(vQ going to next if true 

(viO going to step (fr) if false 

(vifi) setting POINTER equal to zero 

2 5 (Ix) determining whether ( BARRAY (POINTER)sN) 

(x) going to next if true 
(xl) going to step (xx) if false 
(xiD determining whether BARRAY (POINTER)=N 
(xiiQ going to next if true 
2 o (xlv) going to step (xvii) If false 

(xv) setting A (POINTER + INCRE) equal to 1 . 

(xvi) returning array A 0 as result 

(xvii) setting A ((POINTER - 1)+ INCRE) equal to 1 
(xvifi) computing N ^N-BARRAY (POINTER-1) 
(xlx) returning to step (III) 

(xx) setting POINTER - POINTER ♦ 1 

(xxi) returning to step (ix) 

( c ) Multiplication of binary series obtained from steps (a) and (b) 
above with a point on the elliptic curve. 



30 



Referring to Fig. 2 & Fig. 4, the multiplication of binary series with a 
point on the elliptic curve comprises of following steps: 



WO 2004/038680 




PCT/IN2003/000339 



13 



(0 accepting B(x,y), a point on E p (a,b) 

(II) accepting array BO with size LIM 

(III) setting I & J equal to zero 
(iv) determining whether B(J)= t 

5 (v) going to next if true 

(vl) going to step (xxv) If false 

(vll) setting PARR (x.y) (J) equal to B(x,y) 

(vlll) setting J=J+1 

(ix) determining whether J is equal to LIM 

10 (x) going to next if true 

(xh going to step (xxv) if false 

(xin setting K equal to zero 

(xlll) determining whether K>0 

(xiv) going to next if true 

1 5 (xv) going to step (xxfi) if false 

(xvi) computing FP(x,y)=FP(x,y) + PARR(x,y) (K) 

(xvll) setting K=K+1 

(xvlli) determining whether K= LIM 

(xix) going to next if true 

20 (xx) returning to step (xifi) if false 

(xxh returning FP(x,y) as result 

(xxlh setting FP(x.y) equal to PARR(x,y) (K) 

(xxlu) setting K=K+1 

(xxiv) returning to step (xiii) 

25 (xxv) setting 1=1+1 

(xxvi) setting B(x,y)=B(x,y) B(x,y) 

(xxvih returning to step (iv) 

(IV) Generating encryption k«v« 

In order to create a public key, based upon the property of 
30 elliptic curve, discrete logarithm problem has to be established. For 
this, an arbitrary point on the elliptic curve, B(x,y) is selected. Next, a 
random integer n is generated by adopting the procedure, as 
described in step (II). Scalar multiplication of this point on the elliptic 
curve with the random integer Is performed to generate a wed hidden 
35 point G(x,y) on the elliptic curve E p (a,b). 



G(x.y) = W B (x,y) mod (p) 
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The operation of scalar multiplication of random Integer with the point 
on the elliptic curve is performed by adopting the procedure as 
described in step (111). Once the well hidden point 6(x,y) is known, the 
private key n A (approximate 160 bit length) can be selected manually 
or by any predefined method. For the purpose of automation, a random 
number, nA is considered as private key. The public key Pa (x,y) is 
given by the formula. 



PA(x,y) =nA • G(x,y) mod(p) 

Once, the public key and the corresponding private key are 
determined, the Input message can be encrypted and decrypted with 
these keys. 

Referring to Fig. 5, the steps Involved In generation of encryption 
keys are provided In the following. 

(i) entering a big odd integer p of size & 160 bits 

(ii) determining whether p is a prime number 
(ill) going to next If p Is prime 

(iv) going to step (xix) if p Is not prime 

(v) . entering a small integer a > 0 

(vi) setting integer b = 0 & x=1 

(vlQ determining whether 4a 3 +27b 2 mod(p) Is equal to zero 

(vlil) going to next if false 

(ix) setting b= b+1 if true and going to step(vll) 

(x) setting z (sy 2 ) equal to x 3 + ax *b 

(xQ determining whether z is a perfect square 

(xii) going to step(xxi) if z Is not a perfect square 

(xlll) setting B(x,y)=(x,y) If z Is a perfect square 

(xiv) selecting a large random integer ri 

(xv) setting G(x,y) equal to (ri*B(x,y)) mod(p) 

(xvi) selecting a large random integer nA 

(xvll) setting P A (x,y) equal to (n A -G(x,y)) mod(p) 

(xvlll) return P A (x,y) as public key and n A as private key 

(xix) setting p=p + 2 

(xx) returning to step (ii) 
(xxO setting x=x+1 
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(xxll) determining whether x> 900 
(xxlll) going to next If true 

(xxiv) returning to step (x) if false 

(xxv) setting b = b + 1 
(xxvl) setting x = 1 
(xxvil) returning to step (vll) 

00 Baspaflna tin input massaag 

Since the message (say MSG) is In an alphanumeric form, it Is 
necessary to convert this message In a collection of numbers. Taking 
corresponding ASCII value of each character of the input message 
creates these numbers. These numbers are linearised by adding 1000 
to each of the ASCII value. Out of these bunch of numbers 
corresponding to ASCII equivalent, only 48 digits are selected at a 
time. Now, out of these sets of 48 digits, adjacent two numbers P c (x,y) 
are selected as a set of points. However, these points may not Be on 
the elliptic curve. It Is essential that all the points, which are to be 
encrypted, must lie on the elliptic curve. In order to realize this, 
following procedure Is adopted. 

Points Pmask(x,y) and Pk(x,y) on the elliptic curve are generated 
20 by using the following formula 

P mTO k(x,y)*(K-PA(x,y)) mod(p) 
Pk(x,v) = (K-G(x,y)) mod (p) 

Where K Is a large random Integer generated by following the 
procedure as described in step (II) above. Here Pa(x,v) Is the public 
25 key generated above and G (x,y) is the well hidden point generated 
above. Similarly, another point P m (x,y) on the elliptic curve Is 
generated with the help of following formula. 
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Pm(x,y) * (ryG(x,y)) mod(p) 

Here r 2 is another random integer generated by using the 
procedure as described in step (U) above. 

This point P m (x,y) is masked with the help of the point Pmask(x,y) 
5 on the elliptic curve generated above. 

Pmk <x,yHPm (x,y) + P ™sk (x,y) ) mod(p) 
The encrypted message P 8 (x,y) Is generated from the following 

Pa(x,y) * Pc(x,y) - Pi»tx,y) (Here -stands for difference of 

Coordinates x and y of P c (x,y) 
and P m (x,y)) 

This process Is repeated by selecting different random numbers 
for different set of (48,48) digits corresponding to the Input message. 
This particular feature of the present encryption system enhances it's 
security level. It Is dear, from above, that from P» (x,y) and n A the 
original message can not be reconstructed. In order to decrypt the 
ciphered message, it is essential to transmit P a (x,y), Pm (x,y) and Pk 
(x,y). However, since Pm* (x,y) and P* (x,y) are points on the elliptic 
curve E p (a,b), only x coordinate of these points need to be transmitted. 
Y coordinates of these points can be computed at other end by using 
elliptic curve E p (a, b). P a (x,y) is the message hidden wBh the help of a 
third point P m (x.y) on the elliptic curve E p (a,b). 

20 Referring to Fig 6, the encryption process comprises of following 

steps: 

(I) generating a large random Integer K 
(U) setting P mTO k(x,y) =k- PA(x,y) mod (p) 
(Hi) setting P k (x,y)=k-G(x,y) mod (p) 
25 (iv) accepting the message (to be encrypted) 
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(v) converting the message into a point Pc(x,y) 

(vl) generating a random point P m (x,y) on elliptic curve E p (a,b) 

(vll) setting Pe(x,y)=(P c (x,y) - P m (x,y)) (here-stands for difference of 
coordinates) 

5 (vliD setting Prnkfoy^mfoy) +Pmask(x l y)) mod(p) 

(ix) returning P*(x), P a (x,y) and Pmk(X) as the result (cipher) 



(VI) Decrypting the encrypted message 



Referring to Fig. 7, the decryption process reconstructs the message 
(MSG) from the ciphered message by using the following formula. 

i o Pc(x.y) s Pe(x,y) + Pm <x,y) 

* P 8 (x,y) + (Pmk(x,y) -k-P A (x,y)) 
s Pa(x,y) + (Pn* (x,y) - k- (n* G(x,y))) 
s Pe(x,y) + (Pmk(x,y) - itA-(k-G(x,y))) 
=P 8 (x,y)+ (Pmk(x,y) -iw Pk(x,y)) 
J5 Here, P e (x,y), Pmk(x,y) and Pk(x,y) are obtained from transmitted 
values and n A is private key and these values are sufficient to 
reconstruct the message. 

Referring to Fig. 7, The decryption of the ciphered message 
comprises of following steps: 

20 (0 getting cipher text (Pk(x), Pe(x,y) and Pmk(x)) 

(II) computing Pk(y) from Pk(x) by using elliptic curve E p (a,b) 

(III) computing Pmk(y) from P mk (x) by using elliptic curve E p (a,b) 
(iv) computing Pak (x,y)=(nA-Pk(x,y)) mod(p) 
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(v) computing Pmtx.yMPn^x.y) - P ak (x,y)) mod(p) 

(vl) computing Pc(x,y)= P m (x,y)+P 8 (x,y) (here+stands for 

addition of coordinates) 
(viO converting P c (x,y) into the input message MSG 

It Is to be understood that the process of the present Invention Is 
5 susceptible to adaptations, changes and modifications by those skilled in 
the art. Such adaptations, changes and modifications are intended to be 
within the scope of the present invention, which is further set forth with 
the following claims. 
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WE CLAIM 

1. A method of elliptic curve encryption comprising the step of: 

(a) selecting an elliptic curve E p (a,b) of the form y^x 3 + ax + b mod (p) 

wherein a and b are non-negative integers less than p satisfying the 

formula 4 a 3 + 27b 2 mod (p) not equal to 0; 
5 (b) generating a large 160 bit random number by a method of 

concatenation of a number of smaller random numbers; 
(c) generating a well hidden point G(x,y) on the elliptic curve Ep (a,b) by 

scalar multiplication of a point B (x,y) on the elliptic curve with a large 

random Integer which further comprises the steps; 

io (0 converting the large random integer into a series of powers of 2 31 ; 
(II) converting each coefficient of 2 31 obtained from above step Into a 
binary series; 

(Hi) multiplication of binary series obtained from steps(0 & (ii") above 
with the point B (x,y) on the elliptic curve 
j 5 (d) generating a private key n A (of about>=160 bit length); 

(e) generating of public key PA(x,y) given by the formula PA(x,y) = 
(hA-G (x,y)) mod (p); 

(f) encrypting the Input message MSG; 
(S) decrypting the ciphered text 

20 2. A method of elliptic curve encryption as claimed In claim 1, wherein 
the said number p appearing in selection of elliptic curve is about 
160 bit length prime number. 
3. A method of elliptic curve encryption as claimed in claim (1), 
wherein the said method of generating any large random integer M 

25 comprises the steps of; 
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(I) setting I = 0; 
(ii) setting M to null; 
(HO determining whether l<6; 
(Iv) going to next if true; 
5 (v) returning M as result if false; 

(vi) generating a random number Rl within (0,1) by using library 
function; 

(vlQ multiplying Rl with 10 9 to obtain BINT - an Integer of size 9 digits; 
(viu) concatenating BINT to M; 
10 (bQ setting 1 = 1 + 1; 
(x) returning to step(lir) 

4. A method of elliptic curve encryption as claimed in claims 1 to 3 
wherein the said conversion of large random integer into a series 
of powers of 2 31 and said conversion of each coefficient m„ of the 
1 5 said 2 31 series thus obtained for scalar multiplication for the said 

random integer with the said point B(x,y) on the said elliptic curve 
E p (a,b) comprises the steps of. 

(0 accepting a big Integer M; 

(ii) setting T31 equal to 2 31 . 
20 (HO setting LIM = size of M (in bits) and Initializing array AO with size 
LIM; 

(iv) setting INCRE equal to zero; 

(v) setting N equal to M modulus T31; 
(vi - ) setting M= INT(M/T31); 

2 5 (vii) determining whether N is equal to 0; 
(viu) going to next if true; 
(Ix) going to step (xxlv) if false; 
(x) determining whether M is equal to 0; 
(xQ going to next if true; 
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(XII) 


going to step (xxvl) if false; 




(xlll) 


setting I =o & J=0; 




/wit A 

(XIV) 


determining whether la LIM; 




(XV) 


going to next step if false; 


5 


(xvJ) 


going to step (xxvlif) If true; 




(XVII) 


determining whether A(l) is equal to 1 ; 




(xvifi) 


going to next step if true; 




(xix) 


returning to step (xxii) if false; 




(XX) 


setting B (J) =l; 
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(xxj) 


incrementing J by 1 ; 




(xxlO 


incrementing I by 1; 




(xxlli) 


returning to step (xlv); 




(xxiv) 


calling function BSERIES (N, INCRE) and updating array A 0; 




(xxv) 


returning to step (x) 


15 


(xxvl) 


setting INCRE = INCRE + 31; 



(xxvii*) returning to step (v); 
(xxviil) returning array B 0 as result. 

5. A method of elliptic curve encryption as claimed In claims 1 to 4, 
wherein the said conversion of large random integer Into a series of 
20 powers of 2 31 and said conversion of each coefficient m n of the said 
2 31 series thus obtained for the said scalar multiplication of the said 
random Integer with the said point B(x,y) on the said elliptic curve 
E p (a,b) further comprises the steps of: 
(0 accepting N and INCRE; 
25 (II) assigning BARRAY as an array of values which are powers of 

2(12° 2 30 !); 

(HQ setting SIZE =size of N On digits); 

(iv) computing POINTER = 3 (SIZE)+INT(SIZE/3)-4; 

(v) determining whether POINTER < 2; 
30 (vO going to next if true; 
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(vll) going to step (fx) if false; 

(viii) setting POINTER equal to zero; 

(ix) determining whether (BARRAY(POINTER) *N); 

(x) going to next step If true; 
5 (xO going to step (xx) if false; 

(xii) determining whether BARRAY (POINTER)^; 
(xllf) going to next step If true; 
(xlv) going to step (xvil) If false; 
(xv) setting A (POINTER + INCRE) equal to 1 ; 
j o (xvi) returning array A 0 as result ; 

(xvll) setting A ((POINTER - 1) + INCRE) equal to 1 ; 
(xvifi) computing N=N-BARRAY(POINTER-1); 

(xix) returning to step (8Q; 

(xx) setting POINTER * POINTER + 1 ; 
1 5 (xxi) returning to step (ix); 

6. A method of elliptic curve encryption as claimed in claims 1 to 5, 
wherein the said scalar multiplication of the said binary series with 
the said point B(x,y) on the said elliptic curve E p (a,b) comprises the 
steps of: 

20 (I) accepting B(x,y), a point on E p (a,b); 
(H) accepting array BO with size LIM ; 
(Hi) setting I = 0 & J=0; 

(iv) determining whether B(J)=l ; 

(v) going to next step If true; 

2 5 (vQ going to step (xxv) if false; 

(vii) setting PARR (x,y) (J) equal to B(x,y); 
(vlil) Incrementing J by 1 ; 

(ix) determining whether J is equal to LIM; 

(x) going to next step if true; 
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(xi) going to stop (xxv) if false; 
(xll) setting K=zero; 

(xiii) determining whether K>0; 

(xiv) going to next step if true; 
5 (xv) going to step (xxii) If false; 

(xvO computing FP(x,y)*FP(x,y) + PARR(x,y) (K); 
(xvli) incrementing K by 1; 
(xvilt) determining whether K=LIM; 
(xlx) going to next If true; 
i o (xx) returning to step (xiii) if false; 
(xxQ returning FP(x,y) as result; 
(xxli) setting FP(x,y) equal to PARR(x,y) (K); 

(xxiii) incrementing K by 1; 

(xxiv) returning to step (xiii); 
1 5 (xxv) incrementing I by 1; 

(xxvl) setting B(x,y) =B(x,y) + B(x,y); 
(xxviQ returning to step (iv). . 

7. A method of elliptic curve encryption as claimed in claim 1, wherein 
the said public key PA(x,y) is also a point on the said elliptic curve 

20 E p (a,b). 

8. A method of elliptic curve encryption as claimed in claims 1 to 7, 
wherein the said generation of the said private key n* and the said 
public key PA(x,y) comprises the steps of: 

(0 entering a big odd integer p of size it 160 bits; 
25 (B) determining whether p is a prime number; 

(iii) going to next step if p is prime; 

(iv) going to step (xix) if p is not prime; 

(v) entering a small integer a > 0; 

(vi) setting integer b = 0 & x =1 ; 
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(vll) determining whether 4a 3 + 27b 2 mod(p) = zero; 

(vlll) going to next step If false; 

(ix) incrementing b by 1 if true and going to step (vfi); 

(x) setting z (^y 2 ) ^x 3 +ax + b; 

5 (xl) determining whether 2(=y*) Is a perfect square; 

(xiO going to step(xxi) if z is not a perfect square; 

(xiii) setting B(x,y) equal to (x,y) if z is a perfect square; 

(xiv) selecting a large random Integer n; 

(xv) setting G(x,y) = (rrB(x,y)) mod(p); 
i o (xvi) selecting a large random integer ru; 

(xvIO setting P A (x,y) = (rwGrjt.y)) mod (p); 

(xvlll) return PA(x,y) as public key and n A as private key; 

(xix) incrementing p by 2; 

(xx) returning to step (it); 
i 5 (xxi) Incrementing x by 1 ; 

(xxiO determining whether x > 900; 

(xxiii) going to next step if true; 

(xxlv) going to step (x) if false; 

(xxv) Incrementing b by 1; 

20 (xxvi) setting x = 1; 

(xx vll) returning to step (vll). 



9. A method of elliptic curve encryption as claimed in claims 1 to 8, 
wherein the said encryption of the said message MSG comprises 
the steps of: 
25 (i) generating a large random integer K; 

(ii) setting Pmask(x,y) = k-P A (x,y) mod (p); 

(HI) setting P k (x,y) = k.G(x,y)mod(p); 

(iv) accepting the message to be encrypted (MSG); 

(v) converting the message into a point P c (x,y); 
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(vl) generating a random point P m (x,y) on elliptic curve E p (a,b); 

(vll) setting P 9 (x,y) = (P c (x,y) - Pm(x,y)); 

(vlli) setting Pmk(x,y) = (P m (x,y) + Pmask(x,y)) mod(p); 

Cm) returning Pk(x), P a (x,y) and pmk(x) as the result (cipher). 

5 10. A method of elliptic curve encryption as claimed in claim 1 to 9, 
wherein the said decryption of the said ciphered text comprises the 



10 (III) 



(0 



(IV) 

(v) 
(vD 
(VH> 



steps of: 

getting cipher text (P k (x), P e (x,y), P mk (x ); 
computing P fe (y) from Pk(x) using elliptic curve E p (a,b); 
computing P m k(y) from P m k(x) using elliptic curve E p (a,b); 
computing P Bk (x,y) = (n* Pk(x,y)) mod(p); 
computing P m (x,y)= (Pmk(x,y) - Pak(x,y)) mod(p); 
computing P c (x,y) ■ P m (x,y) + P 8 (x,y); 
converting P c (x,y) into the Input message MSG. 



25 11. A method of elliptic curve encryption substantially as described and 
Illustrated herein. 
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1 = 1 + 1 



START 




1*0 

M= NULL 




NO 



RESULT IS M 



YES 



GET A RANDOM NUMBER 
RI 



COMPUTE BINT- RI * 10 



CONCATE BINTTO M 
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START 
_J 



M IS A BIG INTEGER 
T31 =2 3 ' 

lim«sizeof(m; (in bits; 

AO IS AN ARRAY WITH SIZE LIM 



X 



1NCRE~0 



COMPUTE N=M%T31 
COMPUTE M= INT(M/T3t) 




CALL FUNCTION 
BSER|ES(N,INCRE) 
UPDATES AO 



1NCRE=INCRE +31 




YES 
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ACCEPT N . INCRE 

BARRY IS AN ARRAY CONTAINING VALUES OFPOWERS OF 2 [?°,2'.. -j* 30 ] 



I 



COMPUTE SIZE = SIZE OF(N) 
1 



COMPUTE POINTER =3(SIZE) + INT(SlZE/3) -4 



NO 




POINTER = 0 




POI NTER = POINTER + 1 



jARRAY(POINTER)^l 
YES 



A((POlNTER -1) + INCRE) = 1 
N - N - BART? A^f (POINTER- 1) 



A(POINTER + INCRE) - t 



RESULT IS AO 







C^STOP^> 



Fr 9 . ^ 
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START 




B( x,y) ISA POINT ON E P (a.b) 
BO >S AN ARRAY WITH SIZE LIM 

I 





1=0 
J = 0 




BCx.y) = B(x,y) + B(x,v) 


*\ 



± 



1=1 + 1 



NO 



IF 
8(J) = L 



YES 



PARR (*.yJ(j)=B(x,y) 
J=J + 1 



NO 




K=0 




K = K+ 1 



FP(x.y) = PARR(x,y)(K) 



FP(x.y) = FP(x.y) + PARR(x,y)(K) 
I 



K =K + 1 



NO 




IFK-LIKC 

YES 



RESULT ISFP^x.y) 




STOP 
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Efy 




ACCEPT INTEGER a > 0 
b =0 , X =M 




compute z(«y 2 )=x 5 +ax + b 




x = x -t-I 




B(x,y) = (x,y) 



SELECT A BIG RANDOM INTEGER Tj 



I 



COMPUTE G(x.y) = ( r, . B(x,y)) mod (p) 



I 



SELECT A BIG RANDOM INTEGER n A 



COMPUTE P A (K.y)- (n A «G(x,y))mod(p) 
Public key is p A fr.y). private key is ru 



I 



Ffg. 5 
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SELECT A BIG RANDOM INTEGER K 



COMPUTE P TO5K (x,y)= (K . P A (x.y)) (p) 
COMPUTE P K (x,y) = (K • G(x,y)) mod (p) 











ACCEPT MESSAGE MSG 






CONVERT MSG INTO A POINT P c (x,y) 







SELECT A POINT P m (x,y) on E p (a.b) 
COMPUTE A point P«(x,y) = P c (x,y) - P m (x,y) 



COMPUTE P mK (x,y) = ( Pm(x.y) + P mask (x.y)) fnod(p) 



THE CIPHER IS 




Fig. 6 



WO 2004/038680 



PCT/IN2003/000339 



7 /7 




GET CIPHER TEXT P k (x), P e (x,y), P^i*) 



COMPUTE P K (y) FROM P K (x) BY USING E p (a,b) 



COMPUTE P mk (y) FROM P mk (x) BY USING E p (a,b) 

I 

COMPUTE Pak(x,y)= (n A .P k (x,y))mod(p) 



COMPUTE P m (x,y)= (Pmic(x.y)- P 3 k(x,yJ ) mod (p) 







COMPUTE P c (x,y) 


= Pm(x,y) + PeC^y) 



CONVERT P c (x,y)|NTO MESSAGE MSG 




Fig. 7 
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